At least some known complex-system platforms and infrastructures have adopted IT-enabled (or e-enabled) architectures and technologies to implement information systems and thereby take advantage of operational and performance efficiencies that result from being networked. These types of architectures and technologies implement information systems across a wide variety of industries, from those that support business operations to those that support complex modes of transportation. Aviation platforms and infrastructures, for example, are complex system platforms that involve hierarchically-networked embedded systems with varying operational criticality, reliability and availability requirements, and include systems both onboard and off-board aircraft. As these systems, and thus the aircraft, have become IT-enabled, they may be the targets of cybersecurity threats.
Generally, within at least some known platforms, the embedded systems are hosted on general-purpose computing devices, commercial software operating systems and specific custom applications performing intended system functions. Onboard embedded systems may be networked via standards-based protocols to enable seamless integration of the IT-enabled architecture to implement various information systems. And just like the systems, their integration may also be the target of cybersecurity threats.
A number of techniques have been developed for threat modeling and others for threat analysis, but these techniques are typically independent of one another, focus on individual systems, and fall short in the case of large-scale integrations for complex systems such as aircraft. It may therefore be desirable to have a system and method that addresses these challenges, and improves upon existing practices.